Commit Graph

21 Commits

Author SHA1 Message Date
Ralf Becker
0123dc5d89 "dont log failed login attempts for the anon user, as it is a simple dos to sitemgr" 2008-11-22 08:14:59 +00:00
Ralf Becker
505fe07669 "function to analyse memory usage in the session" 2008-11-13 16:57:16 +00:00
Ralf Becker
a658d7c8ed Store config_user&_passwd of domain as hash, to be able to use them
inside eGW (without having them in cleartext available)
2008-11-09 16:15:42 +00:00
Ralf Becker
814eb013f1 Allow HTTP basic auth user to contain a domain to switch instances, as
it's done in the webgui login (for WebDAV or GroupDAV)
2008-10-26 12:18:57 +00:00
Ralf Becker
5322acf455 "fixed type causing sitemgr reloads to fail: PHP Fatal error: The script tried to execute a method or access a property of an incomplete object." 2008-10-10 13:11:37 +00:00
Ralf Becker
71063707a4 "found and fixed the real cause, appsession got called after session was commited (and therefore encrypted), these calles get now silently ignored" 2008-10-09 12:24:41 +00:00
Ralf Becker
8edc407e4d "quitent error_log from commit_session" 2008-10-09 12:12:48 +00:00
Ralf Becker
d9c93f845d "hopefully last fix for session encryption:
- flag in session if it is encrypted to prevent calling the encryption more then once, which stalls the session-content
- egw_session::session_comit() method calls now encrypt() too, as it closes the session, before the destructor is called
- hack to fix PHP Fatal error: Cannot use string offset as an array, which happens sometime in felamimail under php5.2
- some more docu"
2008-10-09 11:55:09 +00:00
Ralf Becker
d7f5835422 "fixed problem with lost password in session, when using session encryption" 2008-10-09 09:54:24 +00:00
Ralf Becker
94da0682cd re-added session encryption:
- it now also encrypts the egw object and egw_info array, stored in the session
- it no longer encrypts every egw_session::appsession() call, but the
  whole array at once when the egw_session object gets destroyed
- mcrypt algo and mode are currently hardcoded to tripledes and ecb, as
  we dont have the database connection, when they are needed. You can
  add it as egw_info[server][mcrypt_{algo|mode}] in the header.inc.php
- fixed a bug, which let the session grow around 400k(!) each request
- if mcrypt or the selected algo/mode is not availible the session
  encryption is switched off automatic, but an error is logged
2008-10-08 18:38:30 +00:00
Klaus Leithoff
5db4d77067 use the static function randomstring instead of the egw->common object (which may not be instanciated at the time) 2008-08-29 13:34:41 +00:00
Klaus Leithoff
755ba2245c after session_destroy, we need to (re-)load the eGW session-handler, as session_destroy unloads custom session-handlers 2008-08-29 13:00:18 +00:00
Ralf Becker
c475f86147 - get session list for session.save_handler='files' working again
- sessions are sorted by default with session_dla DESC (newest updated
  sessions first)
2008-08-19 11:54:35 +00:00
Ralf Becker
93e98f3e1a "egw_session::create(): generate new session-id, if not running SyncML (were is already happend in the Horde code)" 2008-08-16 06:00:34 +00:00
Ralf Becker
61df6f2a15 fixed bug reported by Martin Kramer on the German list 2008-08-15 14:37:34 +00:00
Ralf Becker
04ddf51d90 "fixed typo causing session list to contain all sessions" 2008-08-14 12:29:39 +00:00
Ralf Becker
8860cf8ea7 "list_sessions --> session_list" 2008-08-09 06:26:32 +00:00
Ralf Becker
666e6793a7 "added empty method delete_cache, as it get's called in some places - thought it does nothing" 2008-08-09 04:24:54 +00:00
Ralf Becker
1dcce48a46 "fixed typo causing posted froms to fail" 2008-08-08 06:32:16 +00:00
Ralf Becker
e50bd2e966 "re-added copyright and author of the old phpgwapi/inc/class.sessions(_php4).inc.php, I missed last night" 2008-08-08 06:02:45 +00:00
Ralf Becker
907e24d227 Refractured session handling in eGW:
- DONT UPDATE ON A PROCUDTION SYSTEM (for the next few days)!
- eGW support from now on only php session handling
- custom session handlers (like the memcache one) can now be
  implemented as classes and dont need to change any other code
- the class get's autoloaded and the name need to be configured 
  eg. in the header.inc.php as $egw_info[server][session_handler]
- session restore is now enabled by default (it's way faster and
  works well with php5.1+)
- a db-bases session handler follows soon
2008-08-07 21:12:44 +00:00